From 3f7afb8375a15a2e8f9cce5381fda0767b372486 Mon Sep 17 00:00:00 2001
From: Eladash <elad3356p@gmail.com>
Date: Sat, 2 Sep 2023 09:29:58 +0300
Subject: [PATCH] SPU LLVM: Fix crashes on corrupted cache file

* Fix OOM if size is too high.
* Fix out-of-bounds access beyond SPU_LS_SIZE.
---
 rpcs3/Emu/Cell/SPURecompiler.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/rpcs3/Emu/Cell/SPURecompiler.cpp b/rpcs3/Emu/Cell/SPURecompiler.cpp
index a3a35d5535..fd213b1247 100644
--- a/rpcs3/Emu/Cell/SPURecompiler.cpp
+++ b/rpcs3/Emu/Cell/SPURecompiler.cpp
@@ -588,9 +588,12 @@ std::deque<spu_program> spu_cache::get()
 			break;
 		}
 
-		func.resize(size);
+		if (utils::add_saturate<u32>(addr, utils::mul_saturate<u32>(size, 4)) > SPU_LS_SIZE)
+		{
+			break;
+		}
 
-		if (m_file.read(func.data(), func.size() * 4) != func.size() * 4)
+		if (!m_file.read(func, size))
 		{
 			break;
 		}